Recently, I started to research kernel CFI and found that RAP of the PAX team became commercial. Does anyone know where the last public version of RAP is? If you have any clues, please help me! @paxteam @grsecurity
2
1
last one was for 4.9.9, there're git repos out there that collected some of the patches: github.com/slashbeast/grsecu… and github.com/linux-scraping/li… . a lot has changed since.

GitHub - linux-scraping/linux-grsecurity: grsecurity is the most advanced Linux kernel hardening...

grsecurity is the most advanced Linux kernel hardening patchset. This repository, not affiliated with the upstream project, aggregate most available grsecurity patches applied to consistent Linux s...

github.com
1
1
I appreciate your help. It seems the repo has more later one, 4.9.24. May I use it for my research, or should I use the 4.9.9 version you mentioned?
1
ah yeah, i just looked at the bottom of the list, go ahead with the latest version there (it's just as far from what we have these days :).
1
1
I have a new, but not serious, question about the commercial version of RAP. Did you adopt the hardware-based shadow stack like Intel CET? Or are you still using function type-based signatures for the backward-edge protection? :)
4
Replying to @kkamagui1 @grsecurity
that said, we're always interested in attack ideas so you have your work cut out for you ;).

Apr 2, 2023 · 3:44 PM UTC

1
1
Replying to @paxteam @grsecurity
Thank you for your answer. Cookie-based XOR looks like encryption of the return address. It's great!